Microsoft says ungoverned AI agents could become corporate 'double agents.' Its fix costs $99 a month.

Today, Microsoft made a significant announcement regarding the general availability of Agent 365 and Microsoft 365 Enterprise 7. These products are specifically designed to address the growing need for security and governance in the realm of AI agents within large organizations. Both of these products are set to be available on May 1st, alongside Wave 3 of Microsoft 365 Copilot, which will expand the company’s agentic AI capabilities and introduce model diversity from both OpenAI and Anthropic.

Agent 365, priced at $15 per user per month, is positioned as the “control plane for agents.” It serves as a centralized system for IT, security, and business teams to observe, govern, and secure AI agents across an enterprise. On the other hand, Microsoft 365 Enterprise 7, also known as the “Frontier Worker Suite,” combines Agent 365 with Microsoft 365 Copilot and the company’s most advanced security stack into a single license costing $99 per user per month.

The timing of this release is strategic, as AI agents have transitioned from experimental prototypes to operational infrastructure within organizations. Microsoft aims to bridge the gap in tools needed to monitor these agents before adversaries can exploit any vulnerabilities that may exist.

According to Vasu Jakkal, corporate vice president of Microsoft Security, the adoption of AI agents within organizations has been rapid. Over 80% of Fortune 500 companies are actively using AI agents, with IDC projecting 1.3 billion agents in circulation by 2028. However, Microsoft’s research indicates that 29% of these agents operate without approval from IT or security teams, highlighting a governance challenge that needs to be addressed.

Microsoft has coined the term “double agents” to describe the risk of AI systems being manipulated to work against their own organizations. While real-world incidents of agent compromise have not been observed at scale, Microsoft’s AI Red Team has conducted experiments demonstrating how agents can be exploited through prompt injections and model poisoning.

The Agent 365 platform is built around three key pillars: observability, security, and governance. It extends Microsoft’s existing security infrastructure to include non-human entities, providing IT and security teams with visibility into all agents across an organization. This approach aligns with zero-trust principles, ensuring that AI agents are protected against threats, secure data access, and have their identity and access managed effectively.

Overall, Microsoft’s announcement signifies a step towards enhancing the security and governance of AI agents within organizations. By providing tools and capabilities to monitor and protect these agents, Microsoft aims to mitigate the risks associated with the rapid adoption of AI technology in operational settings. Microsoft has recently unveiled its most comprehensive enterprise AI bundle to date, the E7 ‘Frontier Suite’, priced at $99 per user. This package combines Microsoft’s entire AI and security portfolio into a single SKU, including Microsoft 365 E5, Microsoft 365 Copilot, Agent 365, the Microsoft Entra Suite, and advanced Defender, Intune, and Purview security capabilities.

According to Microsoft’s Executive Vice President Judson Althoff, the E7 bundle was developed in response to customer feedback indicating that E5 alone was no longer sufficient. Customers expressed a desire for a unified solution rather than multiple tools stitched together. At $99 per user, E7 offers cost savings compared to purchasing the components individually. E5 currently costs $57 per month, while Copilot adds $30 and Agent 365 adds $15.

TechRadar first reported in March that Microsoft was working on the E7 tier. Computerworld’s Steven Vaughan-Nichols pointed out that Microsoft’s strategy involves organizations “hiring” AI agents rather than simply using tools, with each agent licensed like a human employee. This approach gives Microsoft a unique revenue mechanism as AI agents become more prevalent in the workforce.

The launch of the E7 bundle coincides with Wave 3 of Microsoft 365 Copilot, which introduces expanded model diversity. The inclusion of Claude from Anthropic and the latest OpenAI models in Copilot chat signifies a significant development in the AI market. The partnership with Anthropic holds geopolitical implications, as the U.S. Department of Defense designated the company a supply chain risk due to specific terms of use.

Microsoft’s emphasis on trust and governance in AI deployment positions the company as a leader in making AI safe for enterprise use. The Copilot business serves as the foundation for the new security products, with 15 million paid seats and significant growth in adoption and usage.

Major organizations like Mercedes-Benz, NASA, and Publicis have embraced Copilot, with Avanade endorsing Agent 365 for its governance and security capabilities. While competitors like Palo Alto Networks and CrowdStrike are also developing AI security layers, Microsoft’s integration depth sets it apart.

As enterprises embrace agentic AI, there is a growing need for governance to mitigate security risks. Microsoft’s Agent 365 and E7 aim to address this gap by providing tools for secure AI deployment. With capabilities like Defender and Purview risk signals, organizations can manage agents effectively and ensure a trusted AI ecosystem.

The future of work revolves around trusted agents, and Microsoft is at the forefront of enabling secure AI deployment. As organizations navigate the transition to agentic AI, Microsoft’s tools offer a comprehensive solution for governance and security. Trust is not just a product roadmap but a critical element in staying ahead of potential threats in the evolving landscape of enterprise AI.